Do you want a repeat of Wanacry? Do you want an Internet Impacting Worm in the middle of the COVID-19 Crisis? All organizations can take two steps to minimize the risk of a potential Internet worm. First, they can deploy an access-lists on the edge of their network that block TCP/UDP port 445. This can Read More
Get Started in the Security Industry
Get started in the Security Industry, What are my first steps? If you are reading this, you are doing the right type of security digging. You are looking for ways to get started in the security industry. You have a desire to dive deep in the security world. Welcome to the world of chaos, Read More
Flagging Mail Messages in the new iPadOS
Flagging Mail Messages in the new iPadOS turned into one of those “WTF” moments in my first iPadOS experience. Yes, sometimes the process of improvement can create unexpected frustrations. Here, Apple could have done a better job letting people know of a change that required “habits” to shift in order to gain new functionality. Read More
Breakthrough IOT Security to Secure Smart Cities
The Global Cyber Alliance (GCA) announced their latest IOT Security tool. Automated IoT Defence Ecosystem (AIDE) is a platform built for IOT vendors and researchers. IOT is powerful capability that will be developed by innovators all over the world. The 25 billion by 2021 is a drastic underestimate. The IOT security threat is also underestimated. Read More
What Stops a Nation-State BGP Hijack?
Can Nation-State BGP Hijack Parts of the Internet? Yes, a Nation-State BGP Hijack is a threat on the Internet. Nation-States can orchestrate the manipulation of the Border Gateway Protocol (BGP) via “hacked routers all over the world. These routers would then be used to inject bad, misconfigured, or non-authorized routes all over the world. The result Read More
A Deep DNS Dive on the Recent Widespread DNS…
In February 2019, Brian Krebs Deep DNS Dive updated the world about a new type of “DNS-based Man-in-the-Middle” attack. A Deep Dive on the Recent Widespread DNS Hijacking Attacks summarizes two reports. The first from Cisco Talos’s DNSpionage Campaign Targets the Middle East. The second is from Mandient Global DNS Hijacking Campaign: DNS Record Manipulation Read More
Security Collaboration – How do you start?
We see weekly posts, pontifications announcements, and proclamations about the need for greater security collaboration. Many times, the organizations and groups who are posting these “aspirations” fail to take the collaboration to the next step. They are not sure how to break into productive security collaboration. In the security community, “productive security collaboration” is built Read More
5G Latency – Reality Checks
The industry is flooded with a lot of “5G will save the planet” without doing the homework to understand what is going on. It is shocking to see disinformation statements that “5G is expected to slash data transmission delays from about 30 milliseconds to less than one.” Yes! 5G defines the law of physics! 5G Read More
What can Enterprises do to protect against BGP Hijacks?
Yes, you can minimize the risk to BGP Hijacks. All enterprises around the world need to have a conversation around BGP Hijacks. We see security news around malware, phishing ransomware, DOS attacks, breaches, and range of other attacks. What we do not see is conversations around BGP Hijacks. A BGP Hijack can happen on one Read More
7 Critical Security Conversations
There are 7 Critical Security Conversations everyone needs to have with your vendors, your supply chain partners, and other organizations who help with your security & resiliency posture. The wave of supply chain security conversations that was sparked by the Bloomberg articles has people talking (see The Big Hack: How China Used a Tiny Chip Read More